Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

IIA IIA-CIA-Part3-3P - CIA Exam Part Three: Business Knowledge for Internal Auditing

IIA IIA-CIA-Part3-3P Premium Access     Download Demo    
Page: 8 / 15
Total 488 questions

The first step in determining product price is:

A.

Determining the cost of the product.

B.

Developing pricing objectives.

C.

Evaluating prices set by the competitors.

D.

Selecting a pricing method.

According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?

A.

Key processes across the entity which impact quality must be identified and included.

B.

The quality management system must be documented in the articles of incorporation, quality manual,

procedures, work instructions, and records.

C.

Management must review the quality policy, analyze data about quality management system

performance, and assess opportunities for improvement and the need for change.

D.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

Which of the following best describes the concept of relevant cost?

A.

A future cost that is the same among alternatives.

B.

A future cost that differs among alternatives.

C.

A past cost that is the same among alternatives.

D.

A past cost that differs among alternatives.

An organization has received funding to continue a program that utilizes an in-house Due to new legislative requirements the application will require additional features to capture information not previously collected Which of the following is the most critical for completing this specific project?

A.

A detailed budget that identifies hardware resources for the project

B.

A Gantt chart that identifies the critical path for completing the project

C.

Change management controls to avoid technical conflicts within the application

D.

A project plan with a flexible scope to accommodate legislative requirements

Based on lest results an IT auditor concluded that the organization would suffer unacceptable toss of data if there was a disaster at its data center. Which of the following test results would likely lead the auditor to this conclusion?

A.

Requested backup tapes were not returned from the offsite vendor in a timely manner

B.

Returned backup tapes from the offsite vendor contained empty spaces

C.

Critical systems have been Backed up more frequently than required.

D.

Critical system backup tapes are taken off site less frequently than required.

Which of following best demonstrates the application of the cost principle?

A.

A company reports trading and investment securities at their market cost.

B.

A building purchased last year for $1 million is currently worth $1.2 million, but the company still reports the building at $1 million.

C.

A building purchased last year for $1 million is currently worth $1.2 million, and the company adjusts the records to reflect the current value.

D.

A company reports assets at either historical or fair value, depending which is closer to market value.

According to HA guidance or IT which of the following spreadsheets is most likely to be considered a high-risk user-develop application?

A.

A revenue calculation spreadsheet supported with price and volume reports from the production department

B.

An asset retirement calculation spreadsheet comprised of multiple formulas and assumptions

C.

An ad-hoc inventory listing spreadsheet comprising details of written-off inventory quantitates

D.

An accounts receivable reconciliation spreadsheet used by the accounting manager to verify balances.

During disaster recovery planning, the organization established a recovery point objective. Which of the following best describes this concept?

A.

The maximum tolerable downtime after the occurrence of an incident.

B.

The maximum tolerable data loss after the occurrence of an incident.

C.

The maximum tolerable risk related to the occurrence of an incident.

D.

The minimum recovery resources needed after the occurrence of an incident.

Which of the following statements is true regarding user-developed applications (UDAs) and traditional IT applications?

A.

UDAs and traditional IT applications typically follow a similar development life cycle.

B.

A UDA usually includes system documentation to illustrate its functions, and IT-developed applications typically do not require such documentation.

C.

Unlike traditional IT applications, UDAs typically are developed with little consideration of controls.

D.

IT testing personnel usually review both types of applications thoroughly to ensure they were developed properly.

An organization allows employees to use mobile devices for business purposes.

Which of the following could cause decreased employee productivity in case of data loss?

A.

Malware resulting in data leakage.

B.

Exposure of sensitive data.

C.

Lack of data encryption.

D.

Lack of data back up.